AHA Projects

BGP and Static Route redistribution using HPE Comware

I came across a very interesting situation in recent days. Let’s take a look at the diagram below:

The diagram shows:

  • An AGGR-Switch, which is an HPE Comware-based switch. It has connections to Core-X and the EDGE-Switch(es)
  • Core-X is the Core network, which consists of Cisco devices… [I don’t have Cisco devices at the moment, so Comware is being used to illustrate the static routes]
  • EDGE-Switch(es), which are connected to the AGGR-Switch [these are also Comware, but only to illustrate BGP]

The requirements are:

  • A need to have BGP peering between the AGGR-Switch and the EDGE-Switch(es)
  • A need for the EDGE-Switches to reach the Core for specific subnets (e.g. DNS, NTP, etc.)
    • In this example, subnets 40.40.40.0/24 & 20.20.20.0/24
  • The Core does not want to have a BGP relationship with, nor see BGP updates from, the EDGE-Switch(es)
  • The EDGE devices must be isolated from being reached by the Core

DISCLAIMER: The material presented in this blog is for educational and training purposes only.  Neither the author(s) nor Ahaliblogger©   assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this blog.

Solution

The idea is to use a few static routes on the AGGR-Switch towards the Core, then redistribute them into BGP, which is used between the AGGR and EDGE switches. Finally, a few static routes are added on the Core switches to reach the EDGE devices.

This will allow the EDGE switches to reach the networks (40.40.40.0/24 & 20.20.20.0/24), the Core won’t have BGP updates about them, and the Core won’t be able to reach these devices either.

Configurations

On the AGGR-Switch the configuration should look like this (This is Comware):

    vlan 11
     description vlan 11 for 11.11.11.0/24
    #
    vlan 13
     description vlan 13 for 13.13.13.0/24
    #
    interface LoopBack0
     ip address 1.1.1.1 255.255.255.255
    #
    interface Vlan-interface11
     description EDGE-Switch AS-518
     ip address 11.11.11.1 255.255.255.0
    #
    interface Vlan-interface13
     description Core-X
     ip address 13.13.13.1 255.255.255.0
    #
    interface GigabitEthernet1/0
     description connection to Core-X
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan all
    #
    interface GigabitEthernet2/0
     description connection to EDGE-Switch AS-518
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan all
    #

BGP and Static route configurations:

    bgp 1211
     router-id 1.1.1.1
     peer 11.11.11.2 as-number 518
     peer xx.xx.xx.xx as-number xxxx
     #
     address-family ipv4 unicast
      import-route static
      network 1.1.1.1 255.255.255.255
      network 11.11.11.0 255.255.255.0
      peer 11.11.11.2 enable
    #
    ip route-static 40.40.40.0 24 13.13.13.2
    ip route-static 20.20.20.0 24 13.13.13.2
    #

Configuration on Edge Switches (This is Comware)

    vlan 11
     description vlan 11 for 11.11.11.0/24
    #
    interface LoopBack0
     ip address 2.2.2.2 255.255.255.255
    #
    interface Vlan-interface11
     description AGGR-Switch 1211
     ip address 11.11.11.2 255.255.255.0
    #
    interface GigabitEthernet1/0
     port link-mode route
    #
    interface GigabitEthernet2/0
     port link-mode bridge
     description connection to AGGR-Switch
     port link-type trunk
     port trunk permit vlan all
    #
    bgp 518
     router-id 2.2.2.2
     peer 11.11.11.1 as-number 1211 < AGGR-Switch AS identified >
     #
     address-family ipv4 unicast
      network 2.2.2.2 255.255.255.255
      network 11.11.11.2 255.255.255.255
      peer 11.11.11.1 enable

Configurations on Core (This is Comware)

    #
    vlan 20
     description vlan 20 for 20.20.20.0/24
    #
    vlan 40
     description vlan 40 for 40.40.40.0/24
    #
    interface LoopBack0
     ip address 3.3.3.3 255.255.255.255
    #
    interface Vlan-interface13
     description AGGR-Switch
     ip address 13.13.13.2 255.255.255.0
    #
    interface Vlan-interface20
     ip address 20.20.20.1 255.255.255.254
    #
    interface Vlan-interface40
     ip address 40.40.40.1 255.255.255.254
    #
    interface GigabitEthernet2/0
     port link-mode route
    #
    interface GigabitEthernet1/0
     description connection to AGGR-Switch
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan all
    #
    ip route-static 2.2.2.0 24 13.13.13.1
    ip route-static 11.11.11.0 24 13.13.13.1
    #

Verification

Let’s check the AGGR-Switch BGP neighbour relationship:


We see our peer [11.11.11.2] is established with AS-518.

Next AGGR-Switch BGP routing table:


We see 2.2.2.2/32 and 11.11.11.0/24 from AS-518 (11.11.11.0/24 is directly connected). We also see 20.20.20.0/24 & 40.40.40.0/24 with a ‘?’. This means the path/origin is unknown, which is how a route redistributed into BGP is represented. So this is OK 🙂

Let’s go and check our EDGE-Switch BGP relationship and BGP routing table:


Now we see routes 20.20.20.0/24 & 40.40.40.0/24 from our peer in AS 1211 with a ‘?’. This is ok.

The true test is if we can reach those networks – let’s Ping:


Looks like I can reach them!

Let’s check the Core:


Since I’ve used static routes, the next hop is through VLAN 13 [2.2.2.0/24 & 11.11.11.0/24].

Let’s see if we can reach them:


It doesn’t look like I can reach them; the pings failed… which is what we desired. So, it worked!
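Why the two ping tests give opposite results, as an added example that is not part of the original post: a small Python model of the three routing tables, rebuilt from the configurations above. It assumes pings are sourced from the egress interface address (11.11.11.2 on the EDGE-Switch, 13.13.13.2 on the Core); the names TABLES, OWNERS, forward and ping are made up for this example.

```python
import ipaddress

# Forwarding tables rebuilt from the configurations on this page (a constructed
# model, not device output). A next hop of None means directly connected.
TABLES = {
    "AGGR": {"1.1.1.1/32": None, "11.11.11.0/24": None, "13.13.13.0/24": None,
             "40.40.40.0/24": "CORE", "20.20.20.0/24": "CORE",  # ip route-static
             "2.2.2.2/32": "EDGE"},                              # learned via BGP
    "EDGE": {"2.2.2.2/32": None, "11.11.11.0/24": None,
             "1.1.1.1/32": "AGGR",                               # BGP network
             "40.40.40.0/24": "AGGR", "20.20.20.0/24": "AGGR"},  # import-route static
    "CORE": {"3.3.3.3/32": None, "13.13.13.0/24": None,
             "20.20.20.0/31": None, "40.40.40.0/31": None,       # masks as configured
             "2.2.2.0/24": "AGGR", "11.11.11.0/24": "AGGR"},     # ip route-static
}
# Which device owns each interface address used below.
OWNERS = {"1.1.1.1": "AGGR", "11.11.11.1": "AGGR", "13.13.13.1": "AGGR",
          "2.2.2.2": "EDGE", "11.11.11.2": "EDGE", "3.3.3.3": "CORE",
          "13.13.13.2": "CORE", "20.20.20.1": "CORE", "40.40.40.1": "CORE"}

def forward(node, dst):
    """Walk hop by hop with longest-prefix match; return (delivered, last device)."""
    ip = ipaddress.ip_address(dst)
    for _ in range(8):  # hop limit guards against loops
        if OWNERS.get(dst) == node:
            return True, node
        hits = [n for n in map(ipaddress.ip_network, TABLES[node]) if ip in n]
        if not hits:
            return False, node  # no route: packet dropped here
        best = max(hits, key=lambda n: n.prefixlen)
        next_node = TABLES[node][str(best)] or OWNERS.get(dst)
        if next_node is None:
            return False, node  # connected subnet, but no such host
        node = next_node
    return False, node

def ping(src, dst):
    """A ping succeeds only if the request AND the reply can both be routed."""
    ok, where = forward(OWNERS[src], dst)
    if not ok:
        return f"request dropped at {where}"
    ok, where = forward(OWNERS[dst], src)
    return "reply received" if ok else f"reply dropped at {where}"

if __name__ == "__main__":
    for src, dst in [("11.11.11.2", "20.20.20.1"), ("11.11.11.2", "40.40.40.1"),
                     ("13.13.13.2", "2.2.2.2"), ("13.13.13.2", "11.11.11.2"),
                     ("20.20.20.1", "2.2.2.2")]:
        print(f"{src} -> {dst}: {ping(src, dst)}")
```

The last case shows that the isolation comes from the EDGE-Switch having no return route to 13.13.13.0/24, not from a filter: a request sourced from 20.20.20.0/24 or 40.40.40.0/24, which the EDGE-Switch has learned through BGP, is answered. If those service subnets must not initiate traffic towards the EDGE devices, that has to be enforced with an ACL in addition to this routing design.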

For those versed in the Cisco CLI… you can easily convert the Comware configurations into Cisco-esque commands.

Leave a comment below…

Happy Configuring!
